face-swap
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official
@runcomfy/clipackage from the NPM registry and communicates with vendor-owned domains (runcomfy.com, runcomfy.net). These are legitimate resources belonging to the skill author. - [SAFE]: Command execution is restricted to the
runcomfybinary via theallowed-toolsfrontmatter, preventing arbitrary shell command execution. - [SAFE]: The skill processes external media URLs (images, audio, video) provided by the user. It proactively addresses security concerns by including a 'Security & Privacy' section that warns about potential indirect prompt injection from reference assets and instructs the agent to refuse harmful or non-consensual requests.
- [SAFE]: Credential management is handled through standard CLI login procedures or environment variables, with documentation correctly identifying the local configuration path without attempting unauthorized access.
Audit Metadata